RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 18:17:44 +00:00
Code Issues Activity

fix: fix grafana headers

Browse source
This commit is contained in:
RGBCube 2025-02-23 20:37:20 +03:00
parent f3e93ee63e
commit d1dc2a3984
2 changed files with 7 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
hosts/cube/grafana/default.nix
View file

@ -69,14 +69,13 @@ in {
}; };
services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate { services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
extraConfig = /* nginx */ ''
# Grafana sets `nosniff` while not setting the content type properly,
# so everything breaks with it. Unset the header.
${config.services.nginx.headers}
add_header X-Content-Type-Options "" always;
'';
locations."/" = { locations."/" = {
extraConfig = /* nginx */ ''
# Grafana sets `nosniff` while not setting the content type properly,
# so everything breaks with it. Unset the header.
proxy_hide_header X-Content-Type-Options;
'';
proxyPass = "http://[::1]:${toString port}"; proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };

2
modules/nginx.nix
View file

@ -16,7 +16,7 @@ in {
add_header Strict-Transport-Security $hsts_header always; add_header Strict-Transport-Security $hsts_header always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none';" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'self'; base-uri 'self';" always;
add_header Referrer-Policy no-referrer always; add_header Referrer-Policy no-referrer always;